A group of hackers calling themselves “Pro_Mast3r” defaced a website associated with President Donald Trump’s presidential campaign fundraising on Sunday.
The website was hosted on the server secure2.donaldjtrump.com, which is managed by the Cloudflare content management and security platform.
The website is not directly linked from the Trump Pence campaign’s home page. According to the Ars website, the hacked machine is an actual Trump campaign server that uses a legitimate certificate.
“But it does appear to be an actual Trump campaign server—its certificate is legitimate, but a reference to an image on another site is insecure, prompting a warning on Chrome and Firefox that the connection is not secure,” states Ars.
The defaced page displayed an image of a man in a fedora and the following text:
Hacked By Pro_Mast3r ~
Attacker Gov
Nothing Is Impossible
Peace From Iraq
Analysis of the page's source code revealed a link to a JavaScript file on a now-nonexistent Google Code account, ‘masterendi’. This account was associated with the hack of other websites.
The script is a snow animation script; it doesn’t include any malicious component.
The strange aspect of this hack is that the attackers included JavaScript that was no longer available in the wild.
Archive.org includes several instances of the link to this specific JavaScript, but they have not been active since 2015.
At the time of writing, the server is down.
Let’s wait for a reply from both Cloudflare and the Trump-Pence campaign team.
(Security Affairs – Pro_Mast3r, Trump website)